qc18-jfs.txt

tarzeau i've made a banner for tiger, can i show? amd of course ;) tarzeau www.linuks.mine.nu/tiger.jpg amd heh ;) sarnold (I thought it was dead, yes :) tarzeau tiger's great i've tried it on solaris amd how can i see if a packet is suspicious? tarzeau don't forget that thing with the ant tarzeau prelude-ids or so tarzeau amd: good question :) amd newbie q ;) tarzeau amd: i use ngrep/tcpdump/iptraf for things tarzeau amd: sometimes you can see it in one thing better than in another tarzeau amd: sometimes netstat -i or -s is interesting too tarzeau amd: to give you an idea what things look like www.linuks.mine.nu/network/ tarzeau jfs: can you give examples jfs tarzeau: of Tiger? tarzeau real life ones (just short, so we have an idea for those without much imagination) tarzeau (and those too lazy :) jfs tarzeau: have I answered your question? tarzeau jfs: yes thank you :) * amd thanks jfs and tarzeau ;) amd what if user runs malicious programs with the help of cron? vizard how come do we fall asleep? :-) gorog hi amd like setting up a cronjob which periodically sends uptime to a server? (like tuxtime project) gorog i missed this lecture... gorog what's the next? amd you can still ask ;) gorog and when? sarnold gorog, seemant's gentoo lecture starts at 2200 tarzeau gorog: just right now, maybe read up what was going tarzeau maybe someone can put it online? sarnold Mon Dec 16 19:46:47 UTC 2002 amd thanks, jfs jfs amd: you are welcome sarnold jfs: i think i'd like to hear current architecture and problems, and future evolution .. just slightly higher level than actually writing modules :) baikonur evolution amd and we can read history later ;) manaha design Daper design manaha :) amd design radical_ design tarzeau evolution vizard tarzeau, nice call at debianplanet :-) Ston_ design! MJesus evolution tarzeau vizard: if only i knew before i started visiting here which alan's talk tarzeau vizard: nice organizing! Ratta_ evolucion melvyn evolution sergio design Ratta_ evolution amd do the typos also count ;) Ston_ design 2 / evolution 3 ? :) majeu arch lopopora evolution vizard design Ston_ design 3 / evolution 4 Heimy amd: evolución is Spanish for evolution :-) global_v design Ston_ design 4 / evolution 4 sarnold heh, i count design 9, evolution 8 :) Ston_ ups :X tarzeau maybe we need to talk about both? Heimy heh vizard design 7 jfs evolution 7: baikonur, tarzeau, MJesus, Ratta_, melvyn, lopopora Ratta_102 can you tell a short description about evolution? Ratta_102 and then continue with degisn jfs design: manaha, Daper, amd, radical_, Ston_,sergio, majeu,vizard, global_v (9) jfs ok vizard whoohoo! vizard i won i won! ! first time ! :-) sarnold vizard :) Lovechild design * Ston_ slap viZard Ratta_22 y si primero hacen una breve descripcion de evolution? y luego siguen con design? Lovechild jfs: ZZzz... no wait... seemant evolution seemant or am I late? baikonur you're late * Lovechild hands out free coffee asymetrix ..wake me up before you go go... :) * sarnold kicks asymetrix * amd wishes that next year lectures wouldn't start all @ midnight... baikonur hey it is 9 p.m. :o) amd UTC+2 isn't the best timezone to live, atm ;) lopopora un cuento para ke las personas despierten! sarnold amd: heh, if you lived in .au, they'd all start at 0700 and so forth! it could be worse! ;) Ratta_22 este diciendo que primero va a hablar del diseno, no seria mejor al reves? Lovechild amd: me too.. but the americans are on the other side of the world, and if they are the speakers, we must stay up * amd tries to understand... Ratta_22 siguen hablando en #redes? vizard not me :-) sarnold jfs: what prevents an intruder from just updating the baseline file to prevent checks from being run? amd how to the tiger reports look like? eks jfs: thanks for the presentation :) Ratta_22 gente: alguien va a guardar los logs? MJesus si.... the log are placed in the web as soon as possible, here: jfs Ratta_22: los ponen en Uninet MJesus http://umeet.uninet.edu/umeet2002/english/des.eng.html Ratta_22 MJesus : thank yo MJesus and after this it could be at http://red.uninet.edu/umeet/english/des.eng.html tarzeau here's another exmpale, www.linuks.mine.nu/people/amd/tiger.txt amd thx Heimy jfs: creo que sólo se está traduciendo al español, y hace rato que dije a la gente que preguntase :-) tarzeau jfs: have you tried tiger on the Hurd too yet? or on some bsd's? tarzeau i've tried it on solaris, works there nice as well jfs Heimy: me habían dicho que había al holandés Heimy jfs: Mmh... Heimy Ah, vale Heimy Por cierto, a las 10 hay otra presentación, o algo así :-) Heimy Para que te controles el tiempo ;) Heimy (10 tuyas) MJesus a las 11 Heimy ah, vale tarzeau jfs: you should mention harden-doc no? tarzeau and let me quote apt (from a slashdot post) tarzeau 21:35 <apt> I don't need no steenkin backups However, I'm sure at least two tarzeau other me's in parallel dimensions do, so I'm probably good to go. tarzeau Hopefully the other me's in the other dimensions aren't counting on tarzeau me to keep backups. Those idiots. jfs tarzeau: that's maybe too Debian dependant :) tarzeau jfs: nah it has quite some good general ideas! tarzeau jfs: you mean because the word "debian" is in almost any sentence? :) tarzeau run it through sed s/Debian/Your\ system/g jfs tarzeau: :) j2 cough ;P tarzeau amd: btw you should try driftnet some time! amd hm... * amd tries... bart jfs: how long does a normal tiger scan takes on lets say a pentium III 750 sarnold jfs: same as transarc (DFS?) jfs bart: I will answer this later ok? jose_n sorry i'm getting here late. has anyone asked about jfs' experiences with systrace? jose_n (marius erikson has ported it to Linux 2.4) jfs nop jfs nobody has asked :) jose_n then i shall ask: have you looked at systrace at all for some of your interests? * amd hunts some pr0n to test driftnet jfs not yet :) jfs will do :) jose_n http://www.citi.umich.edu/u/provos/systrace/linux.html tarzeau jfs: you know chkrootkit right? jfs yes amd what's the lecture's title in english? jose_n a solution for the detection of intrusions and (changes?) amd thanks ;) jose_n i think that last word is changes. jfs jose_n: An intrusion detection and security audit solution jose_n no, its not. its auditing :) jose_n my bad... thanks jfs. sarnold jfs, oooh :) amd jfs, don't forget the driftnet ;) jfs amd: driftnet? amd http://freshmeat.net/redir/driftnet/16748/url_homepage/driftnet bart leave #qc bart ouch amd use /part ;) the_freak g une question a propos de lintallation de linux mandrake tarzeau jfs: thanks for the presentation the_freak english or french here jfs tarzeau: you are welcome Generated by irclog2html.pl 2.1 by Jeff Waugh - find it at freshmeat.net!

`tarzeau`	`i've made a banner for tiger, can i show?`
`amd`	`of course ;)`
`tarzeau`	`www.linuks.mine.nu/tiger.jpg`
`amd`	`heh ;)`
`sarnold`	`(I thought it was dead, yes :)`
`tarzeau`	`tiger's great i've tried it on solaris`
`amd`	`how can i see if a packet is suspicious?`
`tarzeau`	`don't forget that thing with the ant`
`tarzeau`	`prelude-ids or so`
`tarzeau`	`amd: good question :)`
`amd`	`newbie q ;)`
`tarzeau`	`amd: i use ngrep/tcpdump/iptraf for things`
`tarzeau`	`amd: sometimes you can see it in one thing better than in another`
`tarzeau`	`amd: sometimes netstat -i or -s is interesting too`
`tarzeau`	`amd: to give you an idea what things look like www.linuks.mine.nu/network/`
`tarzeau`	`jfs: can you give examples`
`jfs`	`tarzeau: of Tiger?`
`tarzeau`	`real life ones (just short, so we have an idea for those without much imagination)`
`tarzeau`	`(and those too lazy :)`
`jfs`	`tarzeau: have I answered your question?`
`tarzeau`	`jfs: yes thank you :)`
`* amd thanks jfs and tarzeau ;)`
`amd`	`what if user runs malicious programs with the help of cron?`
`vizard`	`how come do we fall asleep? :-)`
`gorog`	`hi`
`amd`	`like setting up a cronjob which periodically sends uptime to a server? (like tuxtime project)`
`gorog`	`i missed this lecture...`
`gorog`	`what's the next?`
`amd`	`you can still ask ;)`
`gorog`	`and when?`
`sarnold`	`gorog, seemant's gentoo lecture starts at 2200`
`tarzeau`	`gorog: just right now, maybe read up what was going`
`tarzeau`	`maybe someone can put it online?`
`sarnold`	`Mon Dec 16 19:46:47 UTC 2002`
`amd`	`thanks, jfs`
`jfs`	`amd: you are welcome`
`sarnold`	`jfs: i think i'd like to hear current architecture and problems, and future evolution .. just slightly higher level than actually writing modules :)`
`baikonur`	`evolution`
`amd`	`and we can read history later ;)`
`manaha`	`design`
`Daper`	`design`
`manaha`	`:)`
`amd`	`design`
`radical_`	`design`
`tarzeau`	`evolution`
`vizard`	`tarzeau, nice call at debianplanet :-)`
`Ston_`	`design!`
`MJesus`	`evolution`
`tarzeau`	`vizard: if only i knew before i started visiting here which alan's talk`
`tarzeau`	`vizard: nice organizing!`
`Ratta_`	`evolucion`
`melvyn`	`evolution`
`sergio`	`design`
`Ratta_`	`evolution`
`amd`	`do the typos also count ;)`
`Ston_`	`design 2 / evolution 3 ? :)`
`majeu`	`arch`
`lopopora`	`evolution`
`vizard`	`design`
`Ston_`	`design 3 / evolution 4`
`Heimy`	`amd: evolución is Spanish for evolution :-)`
`global_v`	`design`
`Ston_`	`design 4 / evolution 4`
`sarnold`	`heh, i count design 9, evolution 8 :)`
`Ston_`	`ups :X`
`tarzeau`	`maybe we need to talk about both?`
`Heimy`	`heh`
`vizard`	`design 7`
`jfs`	`evolution 7: baikonur, tarzeau, MJesus, Ratta_, melvyn, lopopora`
`Ratta_102`	`can you tell a short description about evolution?`
`Ratta_102`	`and then continue with degisn`
`jfs`	`design: manaha, Daper, amd, radical_, Ston_,sergio, majeu,vizard, global_v (9)`
`jfs`	`ok`
`vizard`	`whoohoo!`
`vizard`	`i won i won! ! first time ! :-)`
`sarnold`	`vizard :)`
`Lovechild`	`design`
`* Ston_ slap viZard`
`Ratta_22`	`y si primero hacen una breve descripcion de evolution? y luego siguen con design?`
`Lovechild`	`jfs: ZZzz... no wait...`
`seemant`	`evolution`
`seemant`	`or am I late?`
`baikonur`	`you're late`
`* Lovechild hands out free coffee`
`asymetrix`	`..wake me up before you go go... :)`
`* sarnold kicks asymetrix`
`* amd wishes that next year lectures wouldn't start all @ midnight...`
`baikonur`	`hey it is 9 p.m. :o)`
`amd`	`UTC+2 isn't the best timezone to live, atm ;)`
`lopopora`	`un cuento para ke las personas despierten!`
`sarnold`	`amd: heh, if you lived in .au, they'd all start at 0700 and so forth! it could be worse! ;)`
`Ratta_22`	`este diciendo que primero va a hablar del diseno, no seria mejor al reves?`
`Lovechild`	`amd: me too.. but the americans are on the other side of the world, and if they are the speakers, we must stay up`
`* amd tries to understand...`
`Ratta_22`	`siguen hablando en #redes?`
`vizard`	`not me :-)`
`sarnold`	`jfs: what prevents an intruder from just updating the baseline file to prevent checks from being run?`
`amd`	`how to the tiger reports look like?`
`eks`	`jfs: thanks for the presentation :)`
`Ratta_22`	`gente: alguien va a guardar los logs?`
`MJesus`	`si.... the log are placed in the web as soon as possible, here:`
`jfs`	`Ratta_22: los ponen en Uninet`
`MJesus`	`http://umeet.uninet.edu/umeet2002/english/des.eng.html`
`Ratta_22`	`MJesus : thank yo`
`MJesus`	`and after this it could be at http://red.uninet.edu/umeet/english/des.eng.html`
`tarzeau`	`here's another exmpale, www.linuks.mine.nu/people/amd/tiger.txt`
`amd`	`thx`
`Heimy`	`jfs: creo que sólo se está traduciendo al español, y hace rato que dije a la gente que preguntase :-)`
`tarzeau`	`jfs: have you tried tiger on the Hurd too yet? or on some bsd's?`
`tarzeau`	`i've tried it on solaris, works there nice as well`
`jfs`	`Heimy: me habían dicho que había al holandés`
`Heimy`	`jfs: Mmh...`
`Heimy`	`Ah, vale`
`Heimy`	`Por cierto, a las 10 hay otra presentación, o algo así :-)`
`Heimy`	`Para que te controles el tiempo ;)`
`Heimy`	`(10 tuyas)`
`MJesus`	`a las 11`
`Heimy`	`ah, vale`
`tarzeau`	`jfs: you should mention harden-doc no?`
`tarzeau`	`and let me quote apt (from a slashdot post)`
`tarzeau`	`21:35 <apt> I don't need no steenkin backups However, I'm sure at least two`
`tarzeau`	`other me's in parallel dimensions do, so I'm probably good to go.`
`tarzeau`	`Hopefully the other me's in the other dimensions aren't counting on`
`tarzeau`	`me to keep backups. Those idiots.`
`jfs`	`tarzeau: that's maybe too Debian dependant :)`
`tarzeau`	`jfs: nah it has quite some good general ideas!`
`tarzeau`	`jfs: you mean because the word "debian" is in almost any sentence? :)`
`tarzeau`	`run it through sed s/Debian/Your\ system/g`
`jfs`	`tarzeau: :)`
`j2`	`cough ;P`
`tarzeau`	`amd: btw you should try driftnet some time!`
`amd`	`hm...`
`* amd tries...`
`bart`	`jfs: how long does a normal tiger scan takes on lets say a pentium III 750`
`sarnold`	`jfs: same as transarc (DFS?)`
`jfs`	`bart: I will answer this later ok?`
`jose_n`	`sorry i'm getting here late. has anyone asked about jfs' experiences with systrace?`
`jose_n`	`(marius erikson has ported it to Linux 2.4)`
`jfs`	`nop`
`jfs`	`nobody has asked :)`
`jose_n`	`then i shall ask: have you looked at systrace at all for some of your interests?`
`* amd hunts some pr0n to test driftnet`
`jfs`	`not yet :)`
`jfs`	`will do :)`
`jose_n`	`http://www.citi.umich.edu/u/provos/systrace/linux.html`
`tarzeau`	`jfs: you know chkrootkit right?`
`jfs`	`yes`
`amd`	`what's the lecture's title in english?`
`jose_n`	`a solution for the detection of intrusions and (changes?)`
`amd`	`thanks ;)`
`jose_n`	`i think that last word is changes.`
`jfs`	`jose_n: An intrusion detection and security audit solution`
`jose_n`	`no, its not. its auditing :)`
`jose_n`	`my bad... thanks jfs.`
`sarnold`	`jfs, oooh :)`
`amd`	`jfs, don't forget the driftnet ;)`
`jfs`	`amd: driftnet?`
`amd`	`http://freshmeat.net/redir/driftnet/16748/url_homepage/driftnet`
`bart`	`leave #qc`
`bart`	`ouch`
`amd`	`use /part ;)`
`the_freak`	`g une question a propos de lintallation de linux mandrake`
`tarzeau`	`jfs: thanks for the presentation`
`the_freak`	`english or french here`
`jfs`	`tarzeau: you are welcome`